WordPress websites infected by malicious plugin

Up to 200,000 WordPress websites have been infected after hackers used a plugin to install a backdoor, allowing spam to be uploaded.

Research carried out by an IT security company, WordFence, identified the plugin as Display Widgets. If your WordPress website has this plugin installed, it should be removed immediately. The malicious code is believed to have been present in the plugin for the last three releases.

The plugin was originally open-source, meaning the source code was openly available for everyone to see, which makes it harder for malicious code to be added unnoticed. However, earlier this year the original author sold the plugin, and the new maintainers made it closed-source, meaning the source code is no longer public.

According to the CEO of WordFence, the plugin has been removed from and re-added to the WordPress plugin repository four times after users complained that spam had been added to their websites, with the Display Widgets plugin identified as the source.

WordFence is a popular WordPress security plugin, and as their researchers discovered the backdoor, it is likely their plugin will notify you if the Display Widgets plugin is installed. We would recommend double-checking yourself to ensure your WordPress website remains secure and spam-free.

The original developers of the Display Widgets plugin have published an update on their website, highlighting a fixed version they have published to the WordPress plugin repository. The fixed version is 2.7 and removes the malicious code that was added after the sale. The plugin has since been shut down, so no new updates can be published.
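The post advises removing the plugin if it is installed and names 2.7 as the cleaned release. The following script is an added example (not from the original post or from WordFence) that audits a WordPress install for the plugin and reports whether the installed version predates 2.7. It assumes the plugin lives at wp-content/plugins/display-widgets with a main file display-widgets.php carrying the standard "Version:" header line; both paths are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example: audit a WordPress root for the Display Widgets plugin.
# Assumed (not stated in the post): plugin dir "display-widgets", main file
# "display-widgets.php" with a standard WordPress "Version:" header.

# Print the version declared in a plugin main file's header (empty if none).
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# True (exit 0) when dotted version $1 is strictly lower than $2.
# Pure awk compare so it does not depend on GNU "sort -V".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0; q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# audit_display_widgets <wordpress-root>
# Prints: absent | remove (version below 2.7 or unreadable) | fixed (2.7 or later)
audit_display_widgets() {
    main="$1/wp-content/plugins/display-widgets/display-widgets.php"
    if [ ! -f "$main" ]; then
        echo absent; return 0
    fi
    v="$(plugin_version "$main")"
    if [ -z "$v" ] || version_lt "$v" 2.7; then
        echo remove   # installed and not on the fixed release: remove it
    else
        echo fixed
    fi
}

# Constructed sample site (for demonstration only): writes a minimal plugin
# header with the given version so the audit can be exercised offline.
make_sample_site() {
    mkdir -p "$1/wp-content/plugins/display-widgets"
    printf '<?php\n/*\nPlugin Name: Display Widgets\nVersion: %s\n*/\n' "$2" \
        > "$1/wp-content/plugins/display-widgets/display-widgets.php"
}
```

Run `audit_display_widgets /var/www/html` (or your site's document root); any result other than `absent` or `fixed` means the plugin should be removed.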

If you have a WordPress website hosted with us, you do not need to worry, as this plugin has not been used. However, if you have any further queries about this or any other web-related security issues, please do not hesitate to contact us.

Dimension6000 Web
T: 01733 772095
E: hello@dimension6000.com